152


Trying to login with Facebook to my website:

I get the following error:

URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

My settings (Basics) in Facebook are:

In the advanced tab, Valid OAuth redirect URIs is set to:

http://openstrategynetwork.com/_oauth/facebook?close

App is public.

More settings (Advanced) here:

App key and secret are correct. I'm using Meteor and its accounts packages.

Amir Rahbaran
  • What's your ROOT_URL? – aedm May 03 '16 at 12:08
  • What url are you using to redirect to the Facebook sign in page? You still need to specify the redirect_uri in the authorization request. – Edward Jiang May 03 '16 at 15:57
  • @aedm: ROOT_URL is set to `http://openstrategynetwork.com` – Amir Rahbaran May 03 '16 at 16:15
  • @EdwardJiang: where can I do that? It's strange as it once was working for localhost. But even localhost is not working anymore. – Amir Rahbaran May 03 '16 at 16:16
  • I am experiencing this issue also, redirect_uri matches exactly to the config in Client OAuth Settings - see more on https://developers.facebook.com/support/bugs/232085950706415/ need help anyone.. thanks in advance – josevoid May 28 '18 at 07:23
  • I've a webapp which generates variable redirect URIs to pass some parameters, I guess I'm screwed? What about whitelisting a domain to allow all sort of URIs under it? – DrLightman Dec 29 '19 at 18:48

17 Answers

126

As the questioner writes

In the advanced tab, Valid OAuth redirect URIs is set to: ...

and I had the same problem (writing the redirect url into the wrong input field) I would like to highlight that

It's NOT

Settings -> Advanced -> Share Redirect Whitelist

but

Facebook Login -> Settings -> Valid OAuth redirect URIs

It would have saved me 2 hours of trial and error.

You should also have it in mind that www.example.com is not the same as example.com. Add both formats to the redirect URL.

Ukor
andymel
  • 17
    Down-voters: please add a comment about your concerns, otherwise the answer won't get better. – andymel Dec 12 '17 at 23:19
  • 8
    Jesus, I spent so much time looking in the wrong place, thank you. – ricks Aug 31 '18 at 15:50
  • Trying to add a new URI I get: `New HTTP Redirect URIs are not allowed` :( – XCS Nov 09 '19 at 14:10
  • Thanks so much. I tried everything, but at the wrong place. What does "Share Redirect Whitelist" mean? – Sunil Kumar Dec 06 '19 at 07:44
  • This is the answer for me. Also you want to go to `Settings -> Advanced -> Security -> Server IP Allow List` if Facebook complains about IP – Son Nguyen Nov 24 '20 at 18:51
  • 1
    I'm fortunate to have run into your answer before spending two hours, which I likely would have! Thank you! – eBoody Mar 14 '21 at 16:21
  • 1
    WHY can't I upvote one answer 1000 times? – Bennyboy1973 Jun 17 '21 at 02:00
  • @Bennyboy1973 Hey Benny, I'm somewhat confused as to how I should get the redirect URL. I.e I'm not 100% sure what it is since I cannot see it. Any idea on where I would get it? – DCoderT Apr 07 '22 at 19:05
  • 1
    @DCoderT you are free to choose your redirect URL. A user will get redirected to this URL when the OAuth process (Log in) is finished – andymel Apr 08 '22 at 09:35
95

The login with Facebook button on your site is linking to:

https://www.facebook.com/v2.2/dialog/oauth?client_id=1500708243571026&redirect_uri=http://openstrategynetwork.com/_oauth/facebook&display=popup&scope=email&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiIwSXhEU05XamJjU0VaQWdqcmF6SXdOUWRuRFozXzc0X19lbVhGWUJTZGNYIiwiaXNDb3Jkb3ZhIjpmYWxzZX0=

Notice: redirect_uri=http://openstrategynetwork.com/_oauth/facebook

If you instead change the link to:

redirect_uri=http://openstrategynetwork.com/_oauth/facebook?close

It should work. Or, you can change the Facebook link to http://openstrategynetwork.com/_oauth/facebook

You can also add http://localhost/_oauth/facebook to the valid redirect URIs.

Facebook requires that you whitelist redirect URIs, since otherwise people could login with Facebook for your service, and then send their access token to an attacker's server! And you don't want that to happen ;]

Edward Jiang
  • 4
    What exactly is an OAuth redirect URI? I would expect this to be the same URL as the root web app. – AlvinfromDiaspar May 11 '16 at 21:24
  • 2
    This seems to work. Although I'm not sure if it was not originally as I was trying to log in with the account that I have the app created under. Implemented this solution, and used a different account and it worked (seemingly). The language and info on OAuth redirect URIs needs to be clear. The info is quite esoteric and almost arcane. Terms used aren't even defined or clarified. – abtecas Feb 21 '18 at 19:40
  • Thanks so much, fixed my issue! Even though I got SSL working – Sweet Chilly Philly Nov 16 '18 at 10:05
  • The trick is to look at the redirect url and add that to the "Valid OAuth Redirect URIs"; in my case that's signin-facebook. – Usama Saleem Nov 01 '19 at 13:47
  • 1. make sure to add with and without www urls to your *Valid Auth redirect URIs* – Bhavin Rana Jul 25 '20 at 05:43
  • 1
    My redirect URL is https://${base_url}/#/fb-confirm Why this hash is causing a problem in this – Abhishek Matta Oct 23 '20 at 08:31
30

This worked for me.

redirect_url = http://127.0.0.1:8080/accounts/facebook/login/callback/

I got that from my browser: after clicking the Facebook button, your browser will be redirected to a link for integrating with the Facebook API, and that is where you will get that redirect. In my case, this was the link from which I got the redirect_url.

https://www.facebook.com/dialog/oauth?client_id=...&scope=&response_type=code&state=...&redirect_uri=http://127.0.0.1:8080/accounts/facebook/login/callback/


DinoMyte
Umar Asghar
12

Make sure "App Domain" and Facebook Login => Valid OAuth redirect URIs. There you must check www or without www. It's better if you use with www or without for all URLs in php, html, css files and Fb app settings.

The other thing is, if you're using "/" at the end of the URLs, you must add that URL to the app settings under Valid OAuth redirect URIs. Example: https://www.example.com/index.php/ - if you're using this URL as the redirect URL, you must set that in the app settings.

Hope this helps.

Sumith Harshan
12

In my case, I just had to make sure I have my urls both with and without www for Application Domain and Redirect URLs:


In my case, I had to use: signin-facebook after my site url, for redirect url.

Hooman Bahreini
8

OK, first of all, this is a very clear error message. Just look at this; many devs miss this, including myself. Have a look at the screenshot here please.

Under Products > Facebook Login > Settings

or just go to this url here (Replace YOUR_APP_ID with your app id lol):

https://developers.facebook.com/apps/YOUR_APP_ID/fb-login/settings/

If you are working on localhost:3000, make sure you have https://localhost:3000/auth/facebook/callback

Of course you don't have to have the status live (green switch in the top right corner), but in my case I am deploying to Heroku now and will soon replace localhost:3000 with https://myapp.herokuapp.com/auth/facebook/callback

Of course I will update the urls in Settings/Basic & Settings/Advanced and also add a privacy policy url in the basic section.

I am assuming that you have properly configured initializers/devise.rb if you are using devise and you have the proper facebook gem 'omniauth-facebook', '~> 4.0' gem installed and gem 'omniauth', '~> 1.6', and you have the necessary columns in your users table such as uid, image, and provider. That's it.

Elias Glyptis
7

For my Node Application,

"facebook": {
        "clientID" : "##############",
        "clientSecret": "####################",
        "callbackURL": "/auth/facebook/callback/"
    }

put callback Url relative

My OAuth redirect URIs as follows


Make Sure "/" at the end of Facebook auth redirect URI

These setups worked for me.

NIKHIL C M
3

Changing from hauth.done=Facebook to hauth_done=Facebook in the Valid OAuth redirect URIs fixed it for me.

girlgeek
2

Hey Guys

So I was having this error below.

Basically all you have to do is to make sure your URL in "OAuth Redirect URIs" from Facebook corresponds with your URL callback in your code; see the image sample below

code

!!!must match with this below

If the error still persists, make sure these 3 (three) URLs are correct!

  • Site URL
  • Privacy Policy URL
  • App domains

you can view them in your developer->settings->basic tab.

hope this helps you fix the bug! Happy coding :)

1

It might help somebody.

I had the similar error message, but only in dev and staging environments, not in production. The valid redirect URIs were correctly set, for the dev and staging subdomains as well as for production.

It turned out I forgot that for those environments we use the testing FB app, which is a separate one in the FB developer page. Had to select that and update its settings.

vargen_
0

Try to add http://openstrategynetwork.com/sigin-facebook to Client OAuth Settings valid redirect URL along with your own redirect URL.

Hung Vu
0

Login Helper of your site

$loginUrl = $helper->getLoginUrl('xyz.com/user_by_facebook/', $permissions);

and in facebook application dashboard (Under products tab : Facebook Login )

Valid OAuth redirect URIs should also be same to xyz.com/user_by_facebook/

as mentioned earlier while making request from web

Zohaib Yunis
0

We had the same problem, such a nightmare.

  1. Make sure your App IDs and Secret Keys are correct. If you are using separate development, staging and production apps for testing, the App IDs and Secret Keys are all different for each app. This is often the problem.

  2. Make sure you have the callback URL set properly in your app config file (see below). And then add this as same URL under "Facebook Login" settings where it says "Valid OAuth redirect URIs". It should look like this (depending on your environment):

     http://localhost/auth/facebook/callback
     http://staging.example.com/auth/facebook/callback
     http://example.com/auth/facebook/callback

  3. Make sure your app domain is set to the correct domain for each environment, including both "www" and "no-www". Facebook also requires these domains to match the URL of your website or app platform. You will have to select "Add Platform" to add this.
kaleazy
  • The requirement of matching redirect URIs with the URL of the website is not possible for me because my redirect URIs are defined on another server and my website is served from a different server, how can I go about it? – Jawad Feb 20 '18 at 06:51
0

In my case, I was integrating Facebook login within a Rails app tutorial. I had added http://localhost:3000/adsf to my Valid OAuth Redirect URIs, but the Rails app would open the url as http://0.0.0.0:3000 and would therefore try to redirect to http://0.0.0.0:3000/asdf. After adding http://0.0.0.0:3000/asdf to the Valid OAuth Redirect URIs, or navigating to http://localhost:3000/asdf, it worked as expected.

jausel
0

In my case URI, as it was defined on FB, was fine, but I was using Spring Security and it was adding ;jsessionid=0B9A5E71DAA32A01A3CD351E6CA1FCDD to my URI so, it caused the mismatching.

https://m.facebook.com/v2.5/dialog/oauth?client_id=your-fb-id-code&response_type=code&redirect_uri=https://localizator.org/auth/facebook;jsessionid=0B9A5E71DAA32A01A3CD351E6CA1FCDD&scope=email&state=b180578a-007b-48bc-bd81-4b08c6989e18

In order to avoid the URL rewriting I added disable-url-rewriting="true" to Spring Security config, in this way:

<http auto-config="true" access-denied-page="/security/accessDenied" use-expressions="true"
      disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"/> 

And it fixed my problem.

lm2a
-1

Put your url here Facebook Login -> Settings -> Valid OAuth redirect URIs AND you'll also get that error if your APP ID is wrong
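
The mismatches reported across the answers on this page (a missing `?close` query, www versus bare host, a trailing slash, a `;jsessionid` suffix, `0.0.0.0` versus `localhost`) can be located mechanically. The following is an added example, not code from any answer: it reads `redirect_uri` out of the login dialog URL and names the URI component that differs from the registered value. The function names, the `APP_ID` placeholder and the example.com URLs are assumptions, as is component-wise exact matching.

```javascript
// Added example, not code from any answer on this page. Matching is assumed to
// be exact per URI component; that is an assumption, not Facebook's documented matcher.

// Split an absolute URI into the components that must all be identical.
function parts(uri) {
  const u = new URL(uri); // throws TypeError on a relative or malformed URI
  return { scheme: u.protocol, host: u.hostname, port: u.port,
           path: u.pathname, query: u.search, fragment: u.hash };
}

// Names of the components in which `sent` differs from `registered`.
function differences(sent, registered) {
  const a = parts(sent);
  const b = parts(registered);
  return Object.keys(a).filter((k) => a[k] !== b[k]);
}

// Read redirect_uri from the login dialog URL and rank the registered URIs
// by how many components differ; `allowed` is true only on a full match.
function diagnose(loginUrl, registeredUris) {
  const sent = new URL(loginUrl).searchParams.get('redirect_uri');
  if (sent === null || registeredUris.length === 0) return { sent, allowed: false, closest: null };
  const ranked = registeredUris
    .map((uri) => ({ uri, differs: differences(sent, uri) }))
    .sort((x, y) => x.differs.length - y.differs.length);
  return { sent, allowed: ranked[0].differs.length === 0, closest: ranked[0] };
}

// Constructed inputs that mirror cases reported on this page.
const DIALOG = 'https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=';
const CASES = {
  missingQuery: [DIALOG + 'http://openstrategynetwork.com/_oauth/facebook&scope=email',
                 ['http://openstrategynetwork.com/_oauth/facebook?close']],
  wwwHost: [DIALOG + 'https://www.example.com/auth/facebook/callback',
            ['https://example.com/auth/facebook/callback']],
  trailingSlash: [DIALOG + 'https://example.com/auth/facebook/callback',
                  ['https://example.com/auth/facebook/callback/']],
  sessionIdInPath: [DIALOG + 'https://example.com/auth/facebook;jsessionid=ABC&scope=email',
                    ['https://example.com/auth/facebook']],
  loopbackHost: [DIALOG + 'http://0.0.0.0:3000/asdf', ['http://localhost:3000/asdf']],
};

for (const [name, [loginUrl, registered]] of Object.entries(CASES)) {
  const r = diagnose(loginUrl, registered);
  console.log(name, r.allowed ? 'allowed' : 'blocked: ' + r.closest.differs.join(','));
}
```

Copy the login URL from the browser's address bar when the error appears and pass it with the list from Facebook Login -> Settings -> Valid OAuth redirect URIs.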